  • 1-April-2020


  • Chris Hyzer, Penn, Chair
  • Chad Redman, University of North Carolina Chapel Hill
  • Shilen Patel, Duke
  • Carey Black, the Ohio State University
  • Jeff Williams, University of North Carolina Greensboro
  • Vivek Sachdiva, independent
  • Bill Thompson, Lafayette College
  • Matt Wolfley, Unicon
  •  Emily Eisbruch, Internet2

  Action Items

 Grouper Action Items are here  

New Action Items

AI Chad will make change so emails about Cron Job Unit testing go to the Grouper Developers

AI Chris change the setting for upper limit for DDL upgrade 

AI Matt add JIRA ( GRP-2633 ) for  status URL (Nagios) can reference the data dynamically and tell user when they look at status page if the version they are on is stable (Done)


Grouper School Moved to Online June 2-3, 2020


 Grouper 2.5 release  


Cron Jobs

  • AI Chad will make change so emails about Cron Job Unit testing go to the Grouper Developers.  The team would like to get all the emails, so they have the history to help with  commits.  
  • If something conflicts it needs to be taken out.
  • Need a switch for cron? NO, all must pass
  • Temp directory is needed
  • Chris is happy with the unit tests for Grouper 2.5, so getting them to run in the suite is not critical for Grouper 2.5. Work on this before or shortly after the release.

 Current work tasks, and next tasks

Vivek – 

  • Vivek has been working on the web service, modified to add new arguments (cursor-based pagination, etc.)
  • Install container modifications, ask users if they want , includes property in grouper hibernate properties
  • Attribute churn work is done
  • Unit tests


DDL work

    • Should be more like managing JIRA or Confluence
    • Setting to auto DDL , set it up to go to 2.5 *
    • Update the database to that version 
    • Only add tables 
    • Old world , if container has changes, then you must turn on container and do GSH registry check, generate that script , or keep copies , it’s n
    • Situations where DDL does not finish or things happen 
    • If you run a deep GSH registry ,  will still do what it used to do,
    • Gives a script that does multiple things
    • Does a manual check
    • If it’s there you get success 
    • Or if not you get something is wrong
    • Did produce SQL file
    • DDL Utils is an abandoned project?
    • Will this upgrade the database?
    • Depends on the setting
    • Either way the DDL works better
    • As long as container is 2.5, auto update
    • If going from 2.2 must go incrementally
    • Cap on upper end of where it will upgrade to, might change this
  • AI Chris change the setting for upper limit for DDL upgrade 


  • Updates to LDAP provisioning DAO
  • Commit and won't do anything bad
  • Some LDAP code changes, and retested
  • Using ldaptive
  • Could do more testing


  • Azure connector
  • Almost ready to be merged
  • Handling of Apache license code 
  • Free account for Azure for integration tests
  • Branding and naming, called Office 365
  • Unicon was Office 365 and Azure provisioner
  • It’s creating security groups in Azure AD
  • It’s not really office 365
  • Not unified groups
  • Before merging into Grouper code, should Chad change this where it says office 365 to say Azure?
  • When merge in, there is not clear history
  • Chris suggests to name it what makes sense
  • Uses retrofit , and other libraries,
  • JSON rest HTTP connector library
  • New Jar for us, people used to use Unicon Jar
  • Add it to the API or have a separate Jar for it?
  • Chad thinks separate
  • People can put Azure provisioner in custom libraries
  • So many Jars in container
  • Or Chad will make separate Jar that gets added in
  • Both incremental and full sync?
  • Only tested incremental so far
  • Kansas State has some helpful contribs, including a full sync
  • Chad pulled in some of that, 
  • Would be good to have full sync
  • Someone asked that on the list
  • Several people are using the Unicon code 
  • And have feature or bug requests
  • Microsoft teams use of groups
  • There are security groups
  • If you make something a unified group it provisions other groups, may make a mailbox
  • Could be one of things to add
  • Attribute to signal that
  • Office 365 group or security group
  • If Office 365 group it makes a team
  • Chad: Office 365 does what it chooses to do with groups and it’s not well documented
  • Planner groups for example, not well explained, no documentation
  • Pick your poison
  • Names are all over the place now 
    • Long names for some of the jars
    • Need to clean up
  • Chad : OSU has AD sync to Azure 
  • Loader is change log consumer in this context
  • Suggestion to use the new provisioner
  • Hard to migrate attributes to new provisioner
  • Don’t want to maintain multiple
  • Are you provisioned? And a sync ID
  • There is a sync marker attribute on the group
  • Name is associated with the changelog consumer
  • There is an attribute for o365 so it knows what to sync with
  • Custom provisionable attribute
  • Marker attribute signals it's provisionable
  • Syncs attributes based on the ID
  • Chris: this should be in the provisioning framework 
  • Another legacy code base?
  • Suggestion: integrate it in and allow others to use it for older Grouper versions
  • There are new attributes for the new provisioning
  • Would like to change this in near to medium future
  •  Several campuses hope to get  upgraded from Grouper 2.3 soon


  •  will be working on the remote training for early June
  • Training will be on Grouper 2.5


Release Steps

    • Emily look at Documentation issues for the Grouper 2.5 release
    • Chad will look at Cherry picks 
    • Some things we don’t want in master
    • Look at read me files
    • Do we need version properties files anymore? Chris will look at them
    • Review the Specsheet (Shilen)
    • Clients - Chris will look at 
    • Maven issues , see discussion w Scott K
    • Grouper will no longer check all JARS at startup, Chris will look at
    • Grouper client Grouper installer , Chris will add instructions, 
    • default path should be Docker container
    • With different maven versions published…. 
    • 2.5 release notes will have a list of the state of every build, user decides which to install
    • How will people know to look at the wiki?
    • Need to research Maven version to be sure it’s stable

  • AI Matt add JIRA ( GRP-2633 ) for  status URL (Nagios) can reference the data dynamically and tell user when they look at status page if the version they are on is stable

  • Need to do some installs and upgrades
  • Take the latest .15 container and install it
  • Testing
    • Oracle on Linux - Shilen , install and upgrade
    • Postgres Chad, install and upgrade 
    •  MySQL  - BillT
  • Goal: Done by end of weekend? 

  • Proper way of installing the container
  • Chris will update that wiki page
  • installer will walk you through it
  • Need to update the upgrade instructions, for 
    • folder in UI where you see all folders, default changed,  and
    •  rule where you veto if you are in folder but not a group (J crawford issue)

After Grouper 2.5 is released, the focus will be on provisioning

Issue Roundup 


March 19, 2020 - Chad - the ${} isn't even jexl, it's Grouper's marker for jexl

March 19 - J Crawford - provide a folder to other groups on campus? There are a few activities that can seem rather simple but can trigger a lot of changes that grouper has to chug through

March 23 - J Crawford - migrate folder - privileges get screwed up in the target system

March 23 - Carey - gsh.obliterateStem() questions  ….

 1: Am I understanding that correctly?

 2: What is the best way to disable a ChangeLogConsumer? ( AKA: Is the following missing any steps? )

March 24 - Sudheer - With PSPNG is there difference in de provisioning group membership by deleting the folder and all groups under that folder vs removing the group membership?  

March 25- Chris Hyz - tier/grouper:2.4.0-a96-u57-w11-p12-20200324-rc1   is the latest 2.4 image and is what people should use

March 25 - ScottK upgraded a fully patched 2.3 deployment to 2.4 , some issues

March 25 - Alex P - displaying subject information: a way to get around displaying the ID of a subject in the URL on the UI?

March 26 - ZachB -  app group admins want to assign non group admins for attestation, however beyond getting the message to look at the group, those delegates aren't able to mark the group as attested without update permission on the group.

March 26 - Chris Hyz - custom UI screen announcement

March 26 - Paul R - error lasted about 12 hours in our production grouper 2.4 env. It produced hundreds of thousands of log entries and ~4M extra queries to LDAP

March 27 Lacey - db connection errors when trying to run a large loader job. (fixed)

March 27 -Alex P - rule that only allows members if they’re in a certain source (so only groups can be added as members instead of users to this group). (Fixed by

March 29 -Chris Hy - Announcing new feature for DDL in 2.5

March 30 - Erin M -Grouper School   June 2-3 will be online

March 30 - Tommy D - Grouper containers questions

March 30 - Carey -  Is there a way ( other than looping over all groups and checking each one ) to find groups that have not had a membership change in the last "N" days?

March 31 - Sudheer - How often should the full sync provisioner run (hourly vs weekly vs daily vs monthly)? Best practice?

March 31 - Erik C -   What's the best way to measure whether an incremental sync is "successful" or not?  Can we trust the loader job status?


Grouper-users list

Re: [grouper-users] [PSPNG] Full sync of a single group, Jeffrey Williams, 03/23/2020

Re: [grouper-users] How to define stem navigator privileges, Olivier Salaün, 03/27/2020


Wiki Updates

Next Grouper Call: Wed April 15, 2020
